Third-Party Audits and FSMA
Back to FSMA Final Rule on Accredited Third-Party Certification
The FDA Food Safety Modernization Act (FSMA) establishes a framework that involves multiple layers of protection and recognizes the important role we all play in protecting consumers from unsafe food. At its core, however, FSMA makes it clear that the food industry has the primary responsibility for food safety. FDA’s role is to establish strong, risk-based food safety standards and to oversee industry to help ensure that it is meeting these standards. Independent of FDA’s oversight role, FSMA also puts an obligation on certain entities in the food industry to verify that their suppliers are meeting FDA food safety standards. The agency contemplates a role for reliable, third-party audits, whether they’re conducted by a government agency or a private concern.
Accredited Third-Party Certification Rule
The final rule establishes a voluntary program for the accreditation of third-party certification bodies (CBs) to conduct food safety audits and issue certifications for foreign facilities, and the foods – for both people and animals -- that they produce.
Certifications issued under FDA’s third-party program have two stated purposes under FSMA:
- Importers will use facility certifications from foreign suppliers in helping to establish their eligibility to participate in the Voluntary Qualified Importer Program (VQIP), which is a voluntary program that provides for the expedited entry of food imported by participating importers.
- FSMA also provides FDA with a new tool to require certification as a condition of entry when certain statutory criteria are met. For example, those criteria include:
- safety risks associated with the food product,
- food safety risks associated with the country, region, or origin of the food, and
- the capability of the regulatory system of the exporting nation to ensure compliance with FDA safety standards. FDA intends to use this tool in limited circumstances.
Supplier Verification in the Foreign Supplier Verification Program (FSVP) and Preventive Controls (PC) Rules
The use of on-site audits is one option when conducting supplier verification activities under the Foreign Supplier Verification Program and Preventive Controls rules. (While importers and processors have flexibility to choose a verification activity that is appropriate to the risks associated with the food and supplier, an annual on-site audit is the default supplier verification activity when there is a reasonable probability that exposure to a hazard requiring control will result in serious adverse health consequences or death to humans or animals.)
These onsite audits do not have to be conducted by auditors accredited under FDA’s third-party certification program. The regulations simply state that the audits must be conducted by “qualified auditors” (i.e., auditors with appropriate experience, training, education, or a combination thereof). Thus, an importer or processor may choose a certification body that has been accredited under FDA’s third-party program or not. Two key requirements are:
- that they use a “qualified auditor ” (including that the auditor must not have any financial conflicts of interests that influence the results of the verification activities), and
- that the audits consider applicable FDA food safety standards, such as the PC rules and produce rule.
Potential for Leveraging Audits in Produce Rule Compliance Strategies
FDA envisions a broad, collaborative effort for achieving compliance with the produce rule. While audits are not required, FDA contemplates leveraging third-party audits as part of its overall compliance strategy. The agency intends to do this, in part, by building on current private audit activity and by working with the produce industry and other government and private partners to strengthen the rigor and reliability of private audits.